In either case, compliance is mandatory for all organisations that handle personal data of anyone in the EU. And the penalties for not complying with the GDPR are up to 20 million euros or four per cent of global annual turnover. Given the rewards for using data responsibly and intelligently, and the risks of not doing so, it’s obvious the regulation shouldn’t be treated as a tick-box exercise.

We are now seeing several other countries following the lead taken by the EU and putting in place similar privacy legislation. Many global organisations are realising that regardless of rules and regulation, robust data privacy should sit at the heart of their business to build trust, protect their customers and reputation, and drive forwards.

That’s why we’re working with organisations around the world to understand how the systems and processes needed for the GDPR, and other data privacy legislation, can create opportunities to improve decision-making and customer experience.

The key changes

The EU GDPR has made major changes to the old Data Protection Act, including a fundamental alteration to the way organisations manage personal data. Essentially, the GDPR means organisations need to take a more proactive approach to managing personal data.

While we see eight key features of the regulation, we’ve identified three priority areas for organisations to focus on:

the right to erasure and data portability means organisations need a complete understanding of the flow of information

privacy by design, rather than as an afterthought, is needed for systems and organisational culture

as liability has been extended to third-party data processors, organisations need clearly defined accountabilities and agreements.

Impact of the EU GDPR on international organisations

The EU GDPR has become the gold standard for individual privacy, and many governments around the world are following with similar privacy legislation. While it applies to any organisation that handles the personal data of people in the EU, the opportunities from complying are immense even for organisations that aren’t compelled to.

Customers will be won over by the commitment to privacy and security. It’ll be easy to capitalise on any opportunities that arise in Europe. And the improvements in data management will generate new insights.

So, whether the question is about the impact of Brexit on GDPR or whether American companies should improve individual privacy, the answer is that GDPR compliance brings big benefits.

How we can help

Our diverse team of experts – covering data protection, cyber security, regulation and compliance, risk management, and business change – will design and implement a sustainable privacy and data protection programme that takes into account the GDPR and other privacy regulations and legislation.

We focus on embedding privacy in a way that maintains long-term compliance while generating business benefits from data. This approach put us at the forefront of GDPR implementation from the outset. Having successfully completed a wide variety of privacy and GDPR projects, we’ve gained an in-depth understanding of the complexities of integrating data privacy into operational environments. Our recent data privacy experience includes:

working with one of the world’s leading life sciences companies to implement data privacy globally

carrying out an assurance review of a central bank’s existing GDPR implementation programme to identify potential gaps and helping them re-prioritise their activities to ensure compliance